General Application

Top and emerging risks

The risk environment is not static. An important component of an enterprise risk management approach is to ensure that top risks which are evolving or emerging are appropriately identified, managed, and incorporated into the existing risk management assessment, measurement, monitoring and escalation processes.

Risk oversight activities that can lead to identification of new, evolving or emerging risks include control mechanisms (e.g. approval of new projects, initiatives, transactions or products), business strategy development, stress testing, portfolio level measurement, monitoring and reporting activities, and the ongoing assessment of industry and regulatory developments.

Risk conduct

Risk conduct is a shared set of behavioral norms that sustain core values, protects and safeguards project stakeholders' values and integrity, as well as protects the organization from undue or exceptional and unnecessary risk. In other words, risk conduct defines how the program organizations should operate by instilling a mindset relating to risk and "doing what is right" consistent with these values and Code of Conduct.

Effective project risk management includes four key components in particular. These are:

Attitude towards project risk at the top of the organization and middle management;

Accountability that is shared across all project management components and their participants;

Recognition and appreciation linked to the assigned risk profile for the project or component in question, given the organization's risk appetite for the program of concern;

Nevertheless, providing an effective challenge that promotes constructive discussion of different points of view on the compounding of risk levels being taken; and

A strong ethical culture of integrity and compliance with the organization's established code of conduct that addresses the variety of ethical and legal concerns that face project management participants on a daily basis.

Risk appetite

Risk appetite is the amount and type of risk a project is capable of sustaining in pursuit of both its individual project objective as well as the combined risk of the whole program or portfolio under the same management. Three aspects need considering:

The amount of unrecoverable financial investment-to-date;

The amount of "capital" investment, including further cost-to-recover, staff morale, and public opinion; and